Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-21051

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00451EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-50470

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.00478EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/12 12:28 a.m.8 views

CVE-2025-28244

Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover...

8.8CVSS6.5AI score0.00451EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/07/10 12:0 a.m.3 views

CVE-2025-28244

Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover...

7.2AI score0.00451EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.5 views

PT-2025-29129 · Alteryx · Alteryx Server

Name of the Vulnerable Software and Affected Versions: Alteryx Server version 2023.1.1.460 Description: An insecure permissions issue in the local storage component of Alteryx Server allows remote attackers to obtain valid user session tokens from localStorage, potentially leading to account...

8.8CVSS6.1AI score0.00451EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/03/08 12:0 a.m.6 views

PT-2024-13846 · Grandstream · Grandstream Gxp16Xx +1

Name of the Vulnerable Software and Affected Versions: Grandstream GXP14XX version 1.0.8.9 Grandstream GXP16XX version 1.0.7.13 Description: An issue was discovered that allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token...

8.8CVSS7.4AI score0.00386EPSS
Exploits0References6
NVD
NVD
added 2024/01/30 5:15 p.m.34 views

CVE-2023-46231

In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on...

7.2CVSS6.7AI score0.00478EPSS
Exploits0References1
Prion
Prion
added 2024/01/30 5:15 p.m.23 views

Design/Logic Flaw

In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on...

5.8CVSS7.1AI score0.00478EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/09/16 4:15 p.m.19 views

CVE-2021-42948

HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's...

3.7CVSS7AI score0.0067EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/09/30 5:9 p.m.42 views

LiveQuery publishes user session tokens in parse-server

Impact For regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscription on the Parse.User class, all session tokens created during user sign-ups will be broadcast as part of the LiveQuery...

7.5CVSS1.2AI score0.01206EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder